#5620 Centralize DNS record creation in IPA services
Closed: Fixed None Opened 6 years ago by pspacek.

Currently management of internal DNS records for IPA services is scattered all over the installers and it is impossible to e.g. automatically check presence of all records, trigger manual cleanup etc.

For example, bindinstance.remove_ipa_ca_dns_records() method deletes records for IPA CA, but it is impossible to find out the current expected value (the value which should be present in DNS).

Use cases:

  • migration to IPA DNS from non-IPA DNS
  • cleanup after removing broken replica etc.
  • DNS sanity check


  • Each service managed by IPA framework should generate list of DNS records which it requires in its current configuration.
  • The list can be easily printed or compared with data in DNS, so users without non-IPA DNS can easily see what needs to be changed.
  • When IPA DNS is installed, framework can idempotently manage these DNS records. The framework can iterate over list of records and make sure that actual content of DNS matches expected values.
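A sketch of the expected-versus-actual comparison proposed above, as an added example that is not FreeIPA code and not part of the original ticket. The `Record` type, the per-service generator functions, the `MANAGED` set and all hostnames and addresses are hypothetical and constructed for illustration.

```python
from collections import namedtuple

Record = namedtuple("Record", "name rtype value")  # hypothetical record type

# Constructed topology: the servers that currently run each role.
TOPOLOGY = {"CA": {"192.0.2.10"},
            "KDC": {"ipa1.example.test.", "ipa3.example.test."}}

def ca_records(topo):
    """Records the CA service requires in its current configuration."""
    return {Record("ipa-ca", "A", ip) for ip in topo["CA"]}

def kdc_records(topo):
    """Records the KDC service requires in its current configuration."""
    return {Record("_kerberos._udp", "SRV", f"0 100 88 {h}") for h in topo["KDC"]}

SERVICES = (ca_records, kdc_records)
# Names owned by the framework; nothing outside this set is ever deleted.
MANAGED = {"ipa-ca", "_kerberos._udp"}

def expected_records(topo, services=SERVICES):
    expected = set()
    for svc in services:
        expected |= svc(topo)
    return expected

def plan(expected, actual, managed=MANAGED):
    """Return (to_add, to_del); printable for sites running non-IPA DNS."""
    to_add = sorted(expected - actual)
    to_del = sorted(r for r in actual - expected if r.name in managed)
    return to_add, to_del

def reconcile(zone, topo):
    """Idempotent: a second run over the result produces an empty plan."""
    to_add, to_del = plan(expected_records(topo), zone)
    return (zone - set(to_del)) | set(to_add)

# Constructed zone content: ipa2 was removed as a replica, its records remain.
ZONE = {
    Record("ipa-ca", "A", "192.0.2.10"),
    Record("ipa-ca", "A", "192.0.2.20"),                             # stale
    Record("_kerberos._udp", "SRV", "0 100 88 ipa1.example.test."),
    Record("_kerberos._udp", "SRV", "0 100 88 ipa2.example.test."),  # stale
    Record("www", "CNAME", "web.example.test."),                     # unmanaged
}

if __name__ == "__main__":
    print(plan(expected_records(TOPOLOGY), ZONE))
```

Restricting deletions to names in `MANAGED` keeps the cleanup from touching records an administrator added to the zone by hand.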

#5620 will make implementation of ticket #4424 easier.

Also #2008 would be hard to implement without #5620.

Moving to 4.4 because this ticket is blocking 4.4 critical ticket

This was done as part of #2008, please see commits there

Metadata Update from @pspacek:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.4

5 years ago
